Customize your own workflow¶
All Workflow files are YAML-based so make sure you follow the YAML syntax. Otherwise, it wouldn't work
What is the {{Binaries}} in the workflow?
{{Binaries}} will be replaced with ~/osmedeus/binaries/ where I store all the binaries for running the workflow . If you already install it in your $PATH environment variable then you can just use the tool directly like your-tool -t {{Target}} instead of {{Binaries}}/your-tool -t {{Target}}
After the installation process is finished, your workflow will be stored at ~/osmedeus-base/workflow.
1. Tweaking commands or threads of the tool depends on your machine specification¶
You can start tweaking the workflow right away by edit any command in module file at ~/osmedeus-base/workflow/general/ folder.
For example you can edit the thread of ffuf command here on dirbscan module
# --snippet--
params:
- inputFile: "{{Output}}/probing/http-{{Workspace}}.txt"
### You can start customizing the command here with the wordlist or the threads of ffuf tool
- wordlists: "{{Data}}/wordlists/content/small.txt"
- ffThreads: '20' # threads for single site
###
- dirbThreads: '10'
- lines: "20"
- dlimit: '50000'
- recursion: '0'
- commitLength: '400'
- chan: '#mics'
pre_run:
- CreateFolder("{{Output}}/directory")
steps:
# check if the size is too big, We don't want tons of garbage here
- conditions:
- "FileLength('{{inputFile}}') > {{dlimit}}"
scripts:
- ErrPrintf("Filter", "Got input file greater than {{dlimit}} line")
- Exit(1)
- required:
- "{{Binaries}}/ffuf"
- "{{inputFile}}"
source: "{{inputFile}}"
threads: '{{dirbThreads}}'
commands:
- "{{Binaries}}/ffuf -t {{ffThreads}} -timeout 15 -ac -fc '429,403,404' -D -e 'asp,aspx,pl,php,html,htm,jsp,cgi' -of json -o {{Output}}/directory/raw-[[._id_]].json -u '[[.line]]/FUZZ' -w {{wordlists}}:FUZZ"
# --snippet--
You can also use the force-params: true in flow file to override the threads in module file like this flow
name: gently-extensive
desc: run extensive routine but with very low threads
type: general
validator: domain
force-params: true
params:
- subfinderThreads: "20"
# probing
- dnsThreads: "300"
- httpThreads: "30"
- massdnsRateBrute: "300"
# screenshot
- screenThreads: "8"
# fingerprint & spider
- ssthreads: "30"
- overviewThreads: '30'
- stoThreads: '30'
- spiderThreads: "5"
# vulnscan
- nucleiThreads: "30"
- jaelesThreads: "20"
# dirbscan
- ffThreads: '20' # threads for single ffuf-scan
- dirbThreads: '2' # how many ffuf run at the same time
# portscan
- ports: "0-65535"
- rateRustScan: "5000"
- nmapThreads: "10"
routines:
- flow: 'extensive'
modules:
- subdomain
- flow: 'extensive'
modules:
- probing
- flow: 'extensive'
modules:
- ssame
- modules:
- screenshot
- modules:
- sto
- fingerprint
- flow: 'extensive'
modules:
- spider
- archive
- modules:
- ipspace
- modules:
- vulnscan
- modules:
- portscan
- flow: 'extensive'
modules:
- dirbscan
- flow: 'extensive'
modules:
- port-fingerprint
- pvulnscan # doing vulnscan + dirbscan on portscan result too
2. Fork another one from community workflow¶
Fork this repo from here https://github.com/osmedeus/osmedeus-workflow and change anything you want and put it to ~/osmedeus-base/workflow folder.
or you can put it in a custom folder then use this command.
osmedeus scan --wfFolder ~/custom-workflow/ -f your-custom-workflow -t sample.com
3. Add your new tool to existing workflow¶
For example, you have a new tool for subdomain enumeration called awesome-subdomain-enum and the usage of it is like awesome-subdomain-enum -t sample.com -o output.txt.
You can easily add it to the existing workflow by adding the following command awesome-subdomain-enum -t {{Target}} >> {{Output}}/subdomain/sum-{{Workspace}}.txt to the subdomain.yaml file at ~/osmedeus-base/workflow/general/subdomain.yaml.
# --snippet--
steps:
- required:
- "{{Binaries}}/amass"
- "{{Binaries}}/subfinder"
- "{{Binaries}}/assetfinder"
- "{{Binaries}}/findomain"
commands:
- "timeout -k 1m {{amassTimeout}} {{Binaries}}/amass enum -config {{Data}}/configs/amass.ini -d {{Target}} -o {{Output}}/subdomain/{{Workspace}}-amass.txt > /dev/null 2>&1"
- "{{Binaries}}/assetfinder -subs-only {{Target}} > {{Output}}/subdomain/{{Workspace}}-assetfinder.txt"
# these 3 commands will run in parallels
- commands:
- "{{Binaries}}/findomain -u {{Output}}/subdomain/{{Workspace}}-findomain.txt -t {{Target}} > /dev/null 2>&1"
- "{{Binaries}}/subfinder -d {{Target}} -t {{subfinderThreads}} -o {{Output}}/subdomain/{{Workspace}}-subfinder.txt > /dev/null 2>&1"
# your new tool here
- "awesome-subdomain-enum -t {{Target}} >> {{Output}}/subdomain/sum-{{Workspace}}.txt"
# --snippet--
4. Writing a new flow¶
Create a new flow file at ~/osmedeus-base/workflow/your-workflow.yaml by customize the general flow file.
If you want to use your own modules, you can change the type: general to type: you-workflow specify the folder of your modules.
name: your-workflow
desc: run subdomain enumeration and content discovery
type: general # this is mean module file will be read from `~/osmedeus-base/workflow/general/` folder
validator: domain
routines:
- modules:
- subdomain
- modules:
- probing
- modules:
- dirbscan
Now you can run your workflow with this command osmedeus scan -f your-workflow -t sample.com
5. Writing a new module¶
5.1 Write your custom module your-module.yaml¶
Create a new module file at ~/osmedeus-base/workflow/general/your-module.yaml.
name: your-module
desc: Finding archive URLs from Github
report:
final:
- "{{Output}}/archive/{{Workspace}}-archive.txt"
params:
- httpFile: "{{Output}}/probing/http-{{Workspace}}.txt"
- archiveTimeout: "1h"
pre_run:
- CreateFolder("{{Output}}/archive")
steps:
- required:
- "{{Binaries}}/github-endpoints"
- "{{Binaries}}/durl"
# @NOTE: github-endpoints require you to setup your own github token
commands:
- "{{Binaries}}/github-endpoints -raw -e -all -d {{Target}} -o {{Output}}/archive/raw-{{Workspace}}-archive.txt | {{Binaries}}/durl | shuf -n {{alimit}} >> {{Output}}/archive/{{Workspace}}-archive.txt"
scripts:
- "SortU('{{Output}}/archive/{{Workspace}}-archive.txt')"
Now you can run your workflow with this command osmedeus scan -f general -t sample.com
5.2 Add a new module to exsting workflow¶
Adding a new module file to the general.yaml flow file.
name: general
desc: run normal routine
type: general
validator: domain
routines:
- modules:
- subdomain
- modules:
- probing
- modules:
- fingerprint
- modules:
- screenshot
- modules:
- spider
- modules:
- sto
- archive
- ipspace
- modules:
- vulnscan
- modules:
- dirbscan
- modules:
- portscan
- modules:
- your-module